CVE-2023-34246

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-34246

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34246.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-34246

Aliases

GHSA-7w2c-w47h-789w

Related

Published

2023-06-12T17:15:09Z

Modified

2024-12-09T04:45:37.928208Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

References

Affected packages

Debian:11 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.0-2+deb11u1

Affected versions

5.*

5.3.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0-2

5.6.6-1

5.6.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.6-2

Affected versions

5.*

5.5.0-2

5.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/doorkeeper-gem/doorkeeper

Affected ranges

Type: GIT
Repo: https://github.com/doorkeeper-gem/doorkeeper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

986115cc228ff30dc1ead0f4101195448994f5d4

Affected versions

v.*

v.5.3.0

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.2

v0.4.0

v0.5.0.rc1

v0.6.0

v0.6.0.rc1

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v1.*

v1.0.0

v1.0.0.rc1

v1.0.0.rc2

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v2.*

v2.0.0

v2.0.0.alpha1

v2.0.0.rc1

v2.0.0.rc2

v2.0.0.rc3

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.2.0

v2.2.1

v3.*

v3.0.0

v3.0.0.rc1

v3.0.0.rc2

v3.0.1

v3.1.0

v4.*

v4.0.0

v4.0.0.rc1

v4.0.0.rc2

v4.0.0.rc3

v4.0.0.rc4

v4.1.0

v4.2.0

v4.2.5

v4.2.6

v4.3.0

v4.3.1

v4.3.2

v5.*

v5.0.0

v5.0.0.rc1

v5.0.0.rc2

v5.0.1

v5.0.2

v5.1.0

v5.1.0.rc1

v5.1.0.rc2

v5.2.0

v5.2.0.rc2

v5.2.0.rc3

v5.2.1

v5.2.2

v5.2.3

v5.4.0

v5.4.0.rc1

v5.4.0.rc2

v5.5.0

v5.5.0.rc1

v5.5.0.rc2

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.0.rc1

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5